Although it is possible to set MAC spoofing off for virtual functions in virtio, it is currently impossible via libvirt's hostdev assignment. This inhibits functionality that requires in-guest MAC alterations such as having a virtual function be part of a bond or a bridge. For example, if we're interested in setting MAC spoofing off in a bridge interface, we add a 'no-mac-spoofing' filter tag: <interface type='bridge'> <source bridge='br0'/> <mac address='00:16:3e:1a:b3:4a'/> <filter name ='no-mac-spoofing'/> <model type='virtio'/> </interface> The default configuration sets MAC spoofing on, and it is configurable via the filter tag. In a hostdev interface, however, MAC spoofing is disabled by default and is not configurable. Similarly to the aforementioned bridge example, please consider adding a filter tag to allow MAC spoofing in a hostdev interface: <interface type='hostdev' managed='yes'> <source> <address type='pci' domain='0x0' bus='0x00' slot='0x07' function='0x0'/> </source> <mac address='52:54:00:6d:90:02'> <filter/> # disable filters (implicitly allows mac spoofing)? </interface>
The <filter> element is only for configuring libvirt's nwfilter rules. Making a single config item have a secondary implied functionality has historically led to problems later, so if there is a config option for this, it should stand on its own. Beyond that, is it really necessary to allow mac spoofing in order for bonding to work? Can't you just set the MAC address of the interface to the desired value in the libvirt config in the first place? (there is nothing in libvirt preventing multiple interfaces from having the same configured mac address)
I see. If so, indeed, perhaps some other suiting element then? This is up to the guest to decide; I don't think enforcing similar MAC addresses as beyond a temporary solution is appropriate. Besides, I'm sure there are other scenarios enforcing similar MAC addresses won't work or is not relevant (bond consisting of more than 1 VF, bridge, etc)
My point is that you can set the MAC address to anything you like in the libvirt config, including setting two interfaces to the same MAC address. So does bonding require that the guest have the interface MAC address initially set to one particular MAC address, and then later at runtime changed to something else? Or can the MAC addresses of the two interfaces simply be set identically in the libvirt config?
We don't want to continuously police MAC addresses; we want the guest to be able to spoof them as per virtio's default. Bonding was one example where spoofing would be useful, but there are multiple others (in-guest bridge, etc).